OAN’s Elizabeth Volberding
3:20 PM – Thursday, September 14, 2023
After a cyberattack struck MGM Resorts on Sunday, including its Las Vegas gaming giant properties such as the Bellagio and the MGM Grand, Caesars Entertainment claimed that it was also a target of a cyberattack.
On Thursday, Caesars announced in a Securities and Exchange Commission (SEC) filing that hackers had gained access to “a significant number” of customer information and Social Security numbers of those registered for the Caesars loyalty program.
“After detecting the suspicious activity, we quickly activated our incident response protocols and implemented a series of containment and remediation measures to reinforce the security of our information technology network,” Caesars said in the filing.
According to people familiar with the situation, hackers utilized a social engineering technique in which a person posing as an employee contacted the company’s Information Technology (IT) help line to request a password change.
Caesars stated that the incident resulted from a social engineering attack on a vendor who provided outsourced IT support, but it didn’t elaborate on “the unauthorized actor” who was responsible for it. Additionally, Caesars stated that there is no evidence that passwords, payment or bank account information was accessed.
This makes Caesars Entertainment the second major Las Vegas hotel and casino operator to disclose that it had been hacked in recent days.
Furthermore, Caesars’ announcement regarding the cyberattacks came after MGM Resorts, which is the biggest operator on the Las Vegas Strip, responded to its own cybersecurity incident. MGM is still recovering from a cyber attack that occurred on Sunday which led to important services such as reservations, booking, and even some casino operations being unavailable.
MGM explained that the “cybersecurity issue” on Sunday prompted the company to shut down “certain systems.” Slot machines, sports-betting kiosks, digital keys for hotel rooms, online reservations and credit-card transactions were shut down.
As a result, MGM managed its resorts with backup procedures. The protocols included some properties checking guests in with pen and paper and paying out of slot machine wins manually.
“We continue to work diligently to resolve our cybersecurity issues while addressing individual guest needs promptly,” MGM Resorts said a statement on Thursday. “We couldn’t do this without the thousands of incredible employees who are committed to guest service and support from our loyal customers. Thank you for your continued patience.”
“It was kind of chaotic,” Las Vegas visitor Walter Haywood said to KTNV. “The machines wouldn’t take our ticket. Lines everywhere. Just chaos.”
Unlike MGM, Caesars had not yet dealt with public service outages being hacked until recently.
Caesars shared that it had “taken steps to ensure that the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result.”
Additionally, the company said that it had not seen evidence that data accessed in the cyberattack has been published or misused so far. Participants in the company’s loyalty program will receive credit that monitors and identifies theft protection. Caesars is planning to alert customers affected in the coming weeks.
Hotels and casinos have potential to be profitable targets for hackers due to the large amount of personal and financial data that they can gather from customers. Such attacks present a challenging decision for victims: possibly dealing with the fallout from disclosures or destructive cyberattacks, or giving money to cybercriminals and trusting them to retreat.
Ultimately, the SEC created rules that require companies to report cybersecurity events within four days of being deemed material to their business which will go into effect in December.
Stay informed! Receive breaking news blasts directly to your inbox for free. Subscribe here. https://www.oann.com/alerts